Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1336

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

155 vulnerabilities with CWE-1336

CVE-2025-52122 CRITICAL

Freeform <5.10.16 - Code Injection

CVE-2025-35113 MEDIUM

Atlassian Agiloft < 31 - Remote Code Execution

CVE-2025-57811 HIGH

Craftcms Craft Cms < 4.16.6 - Remote Code Execution

CVE-2025-9094 MEDIUM

ThingsBoard 4.1 - XSS

CVE-2025-53909 CRITICAL

mailcow: dockerized <2025-07 - SSTI

CVE-2025-34300 CRITICAL

Template Injection Vulnerability in Sawtooth Software

CVE-2025-49828 HIGH

Cyberark Conjur < 1.21.2 - Remote Code Execution

CVE-2025-53833 CRITICAL

LaRecipe <2.8.1 - SSRF/RCE

CVE-2025-6761 HIGH

Kingdee Cloud-Starry-Sky Enterprise Edition - XSS

CVE-2025-6518 MEDIUM

PySpur-Dev <0.1.18 - Improper Neutralization

CVE-2025-49142 HIGH

Nautobot <2.4.10-1.6.32 - Code Injection

CVE-2025-49136 CRITICAL

listmonk <5.0.2 - Info Disclosure

CVE-2025-49619 HIGH

Skyvern SSTI Remote Code Execution

CVE-2025-5325 MEDIUM

zhilink ADP Application Developer Platform <1.0.0 - XSS

CVE-2025-47916 CRITICAL

Invisioncommunity < 5.0.7 - Remote Code Execution

CVE-2025-46731 HIGH

Craft CMS <4.14.13, <5.6.16 - Authenticated RCE

CVE-2025-23376 LOW

Dell Powerprotect Data Manager - Information Disclosure

CVE-2025-46661 CRITICAL

IPW Systems Metazo <8.1.3 - RCE

CVE-2025-3841 LOW

wix-incubator jam <e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9 - Impro...

CVE-2025-32461 CRITICAL

Tiki <28.3 - Code Injection

CVE-2025-1040 HIGH

AutoGPT <0.3.4 - SSTI/RCE

CVE-2025-26865 LOW

Apache OFBiz <18.12.18 - Info Disclosure

CVE-2025-2040 MEDIUM

zhijiantianya ruoyi-vue-pro 2.4.1 - XSS

CVE-2025-27516 HIGH

Jinja <3.1.6 - Code Injection

CVE-2025-26789 MEDIUM

Logpoint AgentX <1.5.0 - Info Disclosure

Previous Page 4 of 7 Next

Details

Vulnerabilities 155

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy